Re: [PATCH] drivers/fpga: copy userspace array safely

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 02, 2023 at 07:49:09PM +0100, Philipp Stanner wrote:
> dfl.c utilizes memdup_user() and array_size() to copy a userspace array.
> Currently, this does not check for an overflow.

array_size() actually checks for overflow, so please re-write the changelog.

Thanks,
Yilun

> 
> Use the new wrapper memdup_array_user() to copy the array more safely.
> 
> Suggested-by: Dave Airlie <airlied@xxxxxxxxxx>
> Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
> ---
> Linus recently merged this new wrapper for Kernel v6.7
> ---
>  drivers/fpga/dfl.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/fpga/dfl.c b/drivers/fpga/dfl.c
> index dd7a783d53b5..e69b9f1f2a50 100644
> --- a/drivers/fpga/dfl.c
> +++ b/drivers/fpga/dfl.c
> @@ -2008,8 +2008,8 @@ long dfl_feature_ioctl_set_irq(struct platform_device *pdev,
>  	    (hdr.start + hdr.count < hdr.start))
>  		return -EINVAL;
>  
> -	fds = memdup_user((void __user *)(arg + sizeof(hdr)),
> -			  array_size(hdr.count, sizeof(s32)));
> +	fds = memdup_array_user((void __user *)(arg + sizeof(hdr)),
> +				hdr.count, sizeof(s32));
>  	if (IS_ERR(fds))
>  		return PTR_ERR(fds);
>  
> -- 
> 2.41.0
> 




[Index of Archives]     [LM Sensors]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux